Ransomware is the most immediate cyber security threat to UK business, said Lindy Cameron, the CEO of the National Cyber Security Centre (NCSC), in a speech to the think-tank Chatham House yesterday, that reviewed her first year in charge of the official UK agency.
She pointed to how the last year saw ‘real-world impact from a spate of ransomware attacks’, such as against Ireland’s Health Service Executive, ‘leading to months of disrupted appointments and services’.
Many – in fact actually the vast majority – of these high-profile cyber incidents can be prevented by following actionable steps that dramatically improve an organisation’s cyber resilience, she went on. “This advice is freely available on the NCSC website and I would encourage you to visit. Because responsibility for understanding cyber security risks does not start and end with the IT department.”
Her speech covered four cyber security ‘key themes’: the impact of the pandemic; the threat posed by ransomware; the growth of supply chain attacks, and ‘strategic technological challenges’. On ransomware, she said that many organisations – but not enough – routinely plan and prepare for this threat, and have confidence their cyber security and contingency planning could withstand a major incident. “But many have no incident response plans, or ever test their cyber defences.” She added that such attackers are beyond UK borders and authorities (‘the law enforcement challenge these groups pose is acute’).
For the speech in full visit https://www.ncsc.gov.uk/speech/lindy-cameron-first-year.
Comments
Tim Sadler, CEO at Tessian said: “All too often these ransomware attacks start with a phishing email. Why? Because cybercriminals are exploiting a major vulnerability in organisations’ security – employees on email.
“These phishing attacks are advanced, and carefully designed to trick employees into clicking links, downloading malicious attachments or entering their account credentials which enable a cybercriminal to move laterally across the business. By posing as a trusted party on email or applying a sense of urgency to the messages, attackers can manipulate targets into complying with their requests. And they just need one employee to fall for it.
“So, stop phishing attacks, and you significantly reduce the risk of ransomware attacks in organizations. Businesses that arm their employees with the tools and knowledge to spot phishing attacks will be less vulnerable to this growing danger.”
And Torsten George, Cybersecurity Evangelist, Absolute Software, said that in recent attacks criminals have started exploiting smart phone vulnerabilities to penetrate corporate networks. “Recently, a new trend has emerged whereby ransomware attackers not only encrypt an organisation’s systems, but also exfiltrate data and threaten to release it publicly if the ransom is not paid.
“Besides applying fundamental measures to minimise exposure to ransomware attacks like implementing cybersecurity training, regularly updating anti-malware tools, and backing up data frequently, organisations must pay special attention to the state of their endpoints. Endpoint devices are often the launchpad from which ransomware spreads across the network. Therefore, it’s vital to have the necessary systems in place to maintain full visibility and control over your device fleet to assure that you can survive inevitable attacks and continue to do business even under attack. This encompasses the ability to ensure that endpoint security controls are always healthy and functioning as intended to keep threat actors locked out.”
